From ff03545d0cafb80353e0c096d5fc7ca7d6b0baa8 Mon Sep 17 00:00:00 2001 From: Perside Rosalie Date: Sat, 2 May 2026 15:57:43 +0200 Subject: [PATCH 1/4] Add liveness probe for checking the content of allowlist.txt using an nginx container --- charts/queryservice/templates/deployment.yaml | 25 +++++++++++++++++++ .../templates/nginx-sidecar-config.yaml | 15 +++++++++++ charts/queryservice/values.yaml | 1 + 3 files changed, 41 insertions(+) create mode 100644 charts/queryservice/templates/nginx-sidecar-config.yaml diff --git a/charts/queryservice/templates/deployment.yaml b/charts/queryservice/templates/deployment.yaml index df7dcfa..aa31234 100644 --- a/charts/queryservice/templates/deployment.yaml +++ b/charts/queryservice/templates/deployment.yaml @@ -70,6 +70,28 @@ spec: #TODO allow passing value in values - name: WDQS_ENTITY_NAMESPACES value: 120,122 + - name: queryservice-allowlist-nginx-sidecar + image: nginx + restartPolicy: {{ .Values.image.restartPolicy }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + - 'curl -s http://localhost:8080/allowlist.txt | grep "wikidata.org"' + initialDelaySeconds: 5 + periodSeconds: 5 + #restart the container if it fails 3 times in 15 seconds + failureThreshold: 3 + volumeMounts: + - mountPath: /wdqs/allowlist.txt + subPath: allowlist.txt + name: allowlist + readOnly: true + - mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + name: nginx-config volumes: - name: data {{- if .Values.persistence.enabled }} @@ -81,6 +103,9 @@ spec: - name: allowlist configMap: name: {{ include "wdqs.fullname" . }}-allowlist + - name: nginx-config + configMap: + name: nginx-sidecar-config {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/queryservice/templates/nginx-sidecar-config.yaml b/charts/queryservice/templates/nginx-sidecar-config.yaml new file mode 100644 index 0000000..67c48c3 --- /dev/null +++ b/charts/queryservice/templates/nginx-sidecar-config.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx-sidecar-config +data: + nginx.conf: | + http { + server { + listen 8080; + + location /allowlist.txt/ { + root /wdqs/ + } + } + } \ No newline at end of file diff --git a/charts/queryservice/values.yaml b/charts/queryservice/values.yaml index fab2290..9bcfb7d 100644 --- a/charts/queryservice/values.yaml +++ b/charts/queryservice/values.yaml @@ -9,6 +9,7 @@ image: repository: ghcr.io/wbstack/queryservice tag: "0.3.6_0.6" pullPolicy: IfNotPresent + restartPolicy: Always app: heapSize: 2g From 36b005289c62186ccd8eaeb9c7c3fabebe0d6ab8 Mon Sep 17 00:00:00 2001 From: Perside Rosalie Date: Sat, 2 May 2026 16:23:04 +0200 Subject: [PATCH 2/4] bump qs chart version --- charts/queryservice/Chart.yaml | 2 +- charts/queryservice/templates/nginx-sidecar-config.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/queryservice/Chart.yaml b/charts/queryservice/Chart.yaml index caca4b4..2a4cd75 100644 --- a/charts/queryservice/Chart.yaml +++ b/charts/queryservice/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: queryservice -version: 0.2.1 +version: 0.2.2 home: https://github.com/wbstack maintainers: - name: WBstack diff --git a/charts/queryservice/templates/nginx-sidecar-config.yaml b/charts/queryservice/templates/nginx-sidecar-config.yaml index 67c48c3..2d92fbc 100644 --- a/charts/queryservice/templates/nginx-sidecar-config.yaml +++ b/charts/queryservice/templates/nginx-sidecar-config.yaml @@ -8,7 +8,7 @@ data: server { listen 8080; - location /allowlist.txt/ { + location /allowlist.txt { root /wdqs/ } } From 465e5b7c505cc3d391ddb62d12c875152e0a187c Mon Sep 17 00:00:00 2001 From: Perside Rosalie Date: Sat, 2 May 2026 17:23:41 +0200 Subject: [PATCH 3/4] Properly create the nginx container as a sidecar. --- charts/queryservice/templates/deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/queryservice/templates/deployment.yaml b/charts/queryservice/templates/deployment.yaml index aa31234..59ab698 100644 --- a/charts/queryservice/templates/deployment.yaml +++ b/charts/queryservice/templates/deployment.yaml @@ -70,6 +70,7 @@ spec: #TODO allow passing value in values - name: WDQS_ENTITY_NAMESPACES value: 120,122 + initContainers: - name: queryservice-allowlist-nginx-sidecar image: nginx restartPolicy: {{ .Values.image.restartPolicy }} From b8e261eab70036005f9bf8a79bb02f8d8c09efe1 Mon Sep 17 00:00:00 2001 From: Perside Rosalie Date: Sat, 2 May 2026 18:47:13 +0200 Subject: [PATCH 4/4] fix the nginx config file and remove the curl check as nginx does not have the curl command by default --- charts/queryservice/templates/deployment.yaml | 8 +++----- charts/queryservice/templates/nginx-sidecar-config.yaml | 5 +++-- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/charts/queryservice/templates/deployment.yaml b/charts/queryservice/templates/deployment.yaml index 59ab698..a3b5bbf 100644 --- a/charts/queryservice/templates/deployment.yaml +++ b/charts/queryservice/templates/deployment.yaml @@ -76,11 +76,9 @@ spec: restartPolicy: {{ .Values.image.restartPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }} livenessProbe: - exec: - command: - - /bin/sh - - -c - - 'curl -s http://localhost:8080/allowlist.txt | grep "wikidata.org"' + httpGet: + path: /allowlist.txt + port: 8080 initialDelaySeconds: 5 periodSeconds: 5 #restart the container if it fails 3 times in 15 seconds diff --git a/charts/queryservice/templates/nginx-sidecar-config.yaml b/charts/queryservice/templates/nginx-sidecar-config.yaml index 2d92fbc..0d0fd91 100644 --- a/charts/queryservice/templates/nginx-sidecar-config.yaml +++ b/charts/queryservice/templates/nginx-sidecar-config.yaml @@ -4,12 +4,13 @@ metadata: name: nginx-sidecar-config data: nginx.conf: | + events {} http { server { listen 8080; location /allowlist.txt { - root /wdqs/ + root /wdqs/; } } - } \ No newline at end of file + }